Can you run the bank AND change the bank together?

By Peyman Mestchian, Managing Partner at Chartis

It has been almost seven years since the financial crisis hit, but global banks are still feeling its effects. In the aftermath, financial institutions face increased regulation, falling profitability and the need to update their risk management systems. These challenges require the re-alignment of risk management practices and the introduction of robust technology systems.

These are not simple undertakings. In each area — regulation, return on equity, and risk — long-term strategic projects of up to five years will be needed to be successful. However, many regulations are coming in the next six to 12 months, so firms need to be ready to comply immediately. When this happens, long-term goals and projects can be undermined by short-term requirements. As a result, the run-the-bank requirements may prevent the firm from putting change-the-bank plans into practice.

Chartis estimates that 90 percent of banks are currently investing in tactical risk-technology solutions, while only 10 percent are actively
re-evaluating their overall risk technology strategy.

Banking executives have to keep asking: Do we want to simply run the bank? Or do we want to change the bank?

For many banks the temptation to take a short-term, cheap and reactive approach is very strong. A tactical approach will satisfy boards that see compliance as a box-ticking exercise and seek the minimum outlay possible.

Currently, this short-term vs. long-term dilemma is most apparent in reactions to the Basel Committee’s recent requirements on risk data aggregation and risk reporting (otherwise known as BCBS 239).

BCBS 239 was created in response to the significant role played by weak risk data management and reporting practices in the financial crisis of 2007. Banks that have been identified as global, systemically important banks (G-SIBs) by the Financial Stability Board must be compliant with the principles in BCBS 239 by January 2016.

Banks need to balance this short-term compliance deadline with their longer-term business requirements like data management, system rationalization and cost reduction. Similar tactical vs. transformational choices need to be examined by all banks across the globe when addressing regulatory requirements relating to stress testing, liquidity risk management and model risk management.

The problem with short-term thinking

Chartis estimates that 90 percent of banks are currently investing in tactical risk-technology solutions, such as point solutions for specific regulatory requirements, while only 10 percent are actively re-evaluating their overall risk technology strategy.

Unfortunately, banks that are fixated on short-term compliance targets and initiatives run the risk of incurring escalating long-term costs and increasing levels of complexity. They will be left with fragmented, silo-based systems that do little to solve the risk management problems that emerged during the crisis. These fragmented systems will solve only the immediate challenges, rather than the ongoing deficiencies of risk management practices and the challenges of the future. At the same time, costs will not decrease as time goes on, but will continue at a similar rate or even increase.

Committing to a long-term strategic plan to invest in risk management technology will help firms turn risk management into a valuable resource for the firm. Improved risk management will allow the introduction of risk-adjusted performance measures, thus improving the long-term performance of the bank. They will also allow the risk function and technology systems to become more efficient, cutting costs in the long term. Additionally, developing risk technology systems will give banks an enterprisewide and real-time view of risks, allowing them to respond more quickly and accurately.

Change the way you manage risk

Banks need to be able to deal with short-term requirements and commit to a long-term strategic plan to change the way they manage risk. A tactical solution to meet immediate compliance needs is very necessary for banks to continue to “run the bank.” This is especially true in the context of recent regulatory fines.

Chartis estimates that the top 50 global banks have received fines totaling more than US$300 billion over the last five years. However, short-term tactical investments in risk technology should also be accompanied by a longer-term plan to make the bank’s risk management capabilities fit for the next decade and achieve benefits beyond compliance, including financial intelligence and customer analytics.

How can banks do this? Chartis makes the following recommendations:

Risk data aggregation and reporting. Ensure a rigorous focus on data management, reporting technologies and infrastructure across all risk classes (market, credit, operational, asset liability management, liquidity risk) and across all business lines.

Integration and collaboration. Streamline business processes and IT infrastructure through integration across the front office, middle office and back office.

Strike the right balance. Be conscious of maintaining an appropriate mixture of short-term, tactical point solutions that can meet immediate obligations, and long-term strategy that will integrate processes and prevent complexity from bringing down the bank. This can be enabled by a clear definition of the long-term (five-year) target architecture and operating model followed by a detailed road map consisting of short-term investments and steps toward the target.

Ultimately the short-term “run the bank” and long-term “change the bank” approaches do not need to be mutually exclusive. Leading banks are achieving the right balance between the two by establishing a self-regenerating cycle, where one feeds the other.

An earlier version of this article originally appeared in RiskTech Forum.

Peyman Mestchian is Managing Partner at Chartis, overseeing research strategy, key commercial relationships and advisory services. Previously, he was a Director of the Business Risk Consulting practice at Ernst & Young (London) and was also a member of Ernst & Young’s global taskforce for developing new products and solutions for addressing enterprise risk management. Over the last 15 years, Mestchian has been involved in numerous board-level consulting and implementation projects establishing risk management systems for leading banks, insurance companies and industrial organizations. He is a Fellow of the Institute of Risk Management.